<p>A growing number of embedded systems use security processors to distribute control, billing, and metering among devices with intermittent or restricted online connectivity. The more obvious examples include smart cards, microcontrollers used as value counters in postal meters and vending machines, and cryptographic processors used in networks of automatic teller machines and point-of-sale equipment to encipher customers' personal identification numbers.</p><p>Recently, a whole new family of attacks has been discovered on the application programming interfaces these security processors use. These API attacks extend and generalize the known types of attack that target authentication protocols. Such attacks present valid commands to the security processor but in an unexpected sequence, thereby obtaining results that break the security policy its designer envisioned.</p><p>Designing security APIs is a new research field with significant industrial and scientific importance. The poor design of present interfaces prevents many tamper-resistant processors from achieving their potential and leaves a disappointing dependency on procedural controls—the design of which involves subtleties likely to exceed the grasp of most implementers.</p><p>It is unclear that a "generalized" API will work. The natural accretion of functionality presents security with one of its greatest enemies. Yet, getting the API right is relevant for more than just cryptoprocessors. The API is where cryptography, protocols, operating-system access controls, and operating procedures all come together—or fail to. It truly is a microcosm of the security engineering problem. </p>